chore(cmake/modules): libscap.patch is no longer needed

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

cmake/modules/falcosecurity-libs-repo/CMakeLists.txt

@@ -25,4 +25,4 @@ ExternalProject_Add(
   BUILD_COMMAND ""
   INSTALL_COMMAND ""
   TEST_COMMAND ""
-  PATCH_COMMAND patch -p1 -i ${CMAKE_CURRENT_SOURCE_DIR}/patch/libscap.patch && patch -p1 -i ${CMAKE_CURRENT_SOURCE_DIR}/patch/luajit.patch)
+  PATCH_COMMAND patch -p1 -i ${CMAKE_CURRENT_SOURCE_DIR}/patch/luajit.patch)

cmake/modules/falcosecurity-libs-repo/patch/libscap.patch

@@ -1,49 +0,0 @@
-diff --git a/userspace/libscap/scap.c b/userspace/libscap/scap.c
-index 6f51588e..5f9ea84e 100644
---- a/userspace/libscap/scap.c
-+++ b/userspace/libscap/scap.c
-@@ -55,7 +55,7 @@ limitations under the License.
- //#define NDEBUG
- #include <assert.h>
- 
--static const char *SYSDIG_BPF_PROBE_ENV = "SYSDIG_BPF_PROBE";
-+static const char *SYSDIG_BPF_PROBE_ENV = "FALCO_BPF_PROBE";
- 
- //
- // Probe version string size
-@@ -114,7 +114,7 @@ scap_t* scap_open_udig_int(char *error, int32_t *rc,
- static uint32_t get_max_consumers()
- {
- 	uint32_t max;
--	FILE *pfile = fopen("/sys/module/" PROBE_DEVICE_NAME "_probe/parameters/max_consumers", "r");
-+	FILE *pfile = fopen("/sys/module/" PROBE_DEVICE_NAME "/parameters/max_consumers", "r");
- 	if(pfile != NULL)
- 	{
- 		int w = fscanf(pfile, "%"PRIu32, &max);
-@@ -186,7 +186,7 @@ scap_t* scap_open_live_int(char *error, int32_t *rc,
- 				return NULL;
- 			}
- 
--			snprintf(buf, sizeof(buf), "%s/.sysdig/%s-bpf.o", home, PROBE_NAME);
-+			snprintf(buf, sizeof(buf), "%s/.falco/%s-bpf.o", home, PROBE_NAME);
- 			bpf_probe = buf;
- 		}
- 	}
-@@ -344,7 +344,7 @@ scap_t* scap_open_live_int(char *error, int32_t *rc,
- 				else if(errno == EBUSY)
- 				{
- 					uint32_t curr_max_consumers = get_max_consumers();
--					snprintf(error, SCAP_LASTERR_SIZE, "Too many sysdig instances attached to device %s. Current value for /sys/module/" PROBE_DEVICE_NAME "_probe/parameters/max_consumers is '%"PRIu32"'.", filename, curr_max_consumers);
-+					snprintf(error, SCAP_LASTERR_SIZE, "Too many Falco instances attached to device %s. Current value for /sys/module/" PROBE_DEVICE_NAME "/parameters/max_consumers is '%"PRIu32"'.", filename, curr_max_consumers);
- 				}
- 				else
- 				{
-@@ -2175,7 +2175,7 @@ int32_t scap_disable_dynamic_snaplen(scap_t* handle)
- 
- const char* scap_get_host_root()
- {
--	char* p = getenv("SYSDIG_HOST_ROOT");
-+	char* p = getenv("HOST_ROOT");
- 	static char env_str[SCAP_MAX_PATH_SIZE + 1];
- 	static bool inited = false;
- 	if (! inited) {

cmake/modules/falcosecurity-libs.cmake

@@ -20,8 +20,8 @@ file(MAKE_DIRECTORY ${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR})
 # default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake
 # -DFALCOSECURITY_LIBS_VERSION=dev ..`
 if(NOT FALCOSECURITY_LIBS_VERSION)
-  set(FALCOSECURITY_LIBS_VERSION "17f5df52a7d9ed6bb12d3b1768460def8439936d")
+  set(FALCOSECURITY_LIBS_VERSION "refactor/naming")
-  set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=34a2a466f1e5045591f102de2bc812d9b4f0d5874094cc73b97a7970fb2a3a18")
+  set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=f7269b0099d635eb4f0e3e36157177482243d561ef063f41a2cf9b036dd014a3")
 endif()
 
 # cd /path/to/build && cmake /path/to/source

userspace/falco/falco.cpp

@@ -123,6 +123,9 @@ static void usage()
 	   "                               for this option, it will be interpreted as the name of a file containing bearer token.\n"
 	   "                               Note that the format of this command-line option prohibits use of files whose names contain\n"
 	   "                               ':' or '#' characters in the file name.\n"
+	   " --k8s-node <node_name>        The node name will be used as a filter when requesting metadata of pods to the API server.\n"
+	   "                               Usually, it should be set to the current node on which Falco is running.\n"
+	   "                               If empty, no filter is set, which may have a performance penalty on large clusters.\n"
 #endif
 	   " -L                            Show the name and description of all rules and exit.\n"
 	   " -l <rule>                     Show the name and description of the rule with name <rule> and exit.\n"
@@ -469,6 +472,7 @@ int falco_init(int argc, char **argv)
 #ifndef MINIMAL_BUILD
 	string* k8s_api = 0;
 	string* k8s_api_cert = 0;
+	string *k8s_node_name = 0;
 	string* mesos_api = 0;
 #endif
 	string output_format = "";
@@ -517,6 +521,7 @@ int falco_init(int argc, char **argv)
 			{"ignored-events", no_argument, 0, 'i'},
 			{"k8s-api-cert", required_argument, 0, 'K'},
 			{"k8s-api", required_argument, 0, 'k'},
+			{"k8s-node", required_argument, 0},
 			{"list", optional_argument, 0},
 			{"mesos-api", required_argument, 0, 'm'},
 			{"option", required_argument, 0, 'o'},
@@ -693,6 +698,15 @@ int falco_init(int argc, char **argv)
 				{
 				  cri_async = false;
 				}
+#ifndef MINIMAL_BUILD
+				else if(string(long_options[long_index].name) == "k8s-node")
+				{
+					k8s_node_name = new string(optarg);
+					if (k8s_node_name->size() == 0) {
+						throw std::invalid_argument("If --k8s-node is provided, it cannot be an empty string");
+					}
+				}
+#endif
 				else if (string(long_options[long_index].name) == "list")
 				{
 					list_flds = true;
@@ -1249,7 +1263,7 @@ int falco_init(int argc, char **argv)
 					k8s_api_cert = new string(k8s_cert_env);
 				}
 			}
-			inspector->init_k8s_client(k8s_api, k8s_api_cert, verbose);
+			inspector->init_k8s_client(k8s_api, k8s_api_cert, k8s_node_name, verbose);
 			k8s_api = 0;
 			k8s_api_cert = 0;
 		}
@@ -1265,7 +1279,7 @@ int falco_init(int argc, char **argv)
 					}
 				}
 				k8s_api = new string(k8s_api_env);
-				inspector->init_k8s_client(k8s_api, k8s_api_cert, verbose);
+				inspector->init_k8s_client(k8s_api, k8s_api_cert, k8s_node_name, verbose);
 			}
 			else
 			{